search

cypress-io / cypress

Fast, easy and reliable testing for anything that runs in a browser.
https://cypress.io
MIT License
47.06k stars 3.19k forks source link

Redirection breaks out of cypress iframe when a `top` or `parent` redirection is made inside an iframe #19234

Open mathias-vandaele opened 2 years ago

mathias-vandaele commented 2 years ago

Current behavior

When clicking on a button (in an iframe) that is triggering a Javascript function that does :

window.top.location.href = <any url>

Cypress breaks out of its iframe and is redirecting to new page.

Desired behavior

the iframe cypress is using should always be considered as the top level window/document and we should not be able to break this behavior.

I provided a very simple repository where you can reproduce the issue

Test code to reproduce

https://github.com/mathias-vandaele/issuecypress

README.md for more information

Cypress Version

9.1.0

Other

I found a way (dirty) to workaround this issue 👍🏼

I check which Js is causing the problem and I execute before opening the page : 

cy.intercept('<full Js url>', (req) => {
    req.continue( res => {
         res.body = res.body.replace('window.top.location.href', 'window.self.location.href')
         res.send()
    })
})
muralinaidud commented 2 years ago

Is this issue resolved ? @mathias-vandaele mathias-vandaele could you please explain bit more about your workaround ?

roc commented 1 year ago

I found this worked when we were testing a stripe payment flow:

module.exports = defineConfig({
  e2e: {
    experimentalModifyObstructiveThirdPartyCode: true,
...

Docs here: https://docs.cypress.io/guides/guides/web-security#Modifying-Obstructive-Third-Party-Code

Updates the Sec-Fetch-Dest Metadata header from iframe to document in cases where requests come from the application under test.

AtofStryker commented 1 year ago

@mathias-vandaele have you tried the experimentalModifyObstructiveThirdPartyCode option?

cypress-app-bot commented 1 year ago

This issue has not had any activity in 180 days. Cypress evolves quickly and the reported behavior should be tested on the latest version of Cypress to verify the behavior is still occurring. It will be closed in 14 days if no updates are provided.

kaloyanBozhkov commented 9 months ago

I found this worked when we were testing a stripe payment flow:

module.exports = defineConfig({
  e2e: {
    experimentalModifyObstructiveThirdPartyCode: true,
...

Docs here: https://docs.cypress.io/guides/guides/web-security#Modifying-Obstructive-Third-Party-Code

Updates the Sec-Fetch-Dest Metadata header from iframe to document in cases where requests come from the application under test.

I tried using this and the stripe checkout flow loads correctly where it should, instead of window.top mode and force-quitting Cypress. Thanks!

cypress-app-bot commented 3 months ago

This issue has not had any activity in 180 days. Cypress evolves quickly and the reported behavior should be tested on the latest version of Cypress to verify the behavior is still occurring. It will be closed in 14 days if no updates are provided.

muralinaidud commented 3 months ago

This issue is still exist